IEC 62443 - Cyber Security Risk Management

Cyber Security Risk-Analysis and -Management based on IEC 62443 for Machinery Manufacturers and Operators

With increased connectivity of production assets (IIoT), new hazards emerge that need to be included in the traditional risk management processes.

As part of operational hazard analysis and occupational health & safety risk management, risk assessments for production facilities should be extended to include aspects of IT networking and software/application risks.

In cyber security risk management, the focus is on the availability of the facilities (SECURITY) and thus on possible negative economic impacts. The analysis from the perspective of Health, Safety and Environment (HSE) primarily assesses risks with regard to human safety and production performance and impacts on the environment (SAFETY).

The connection of the measures for Cyber Security and HSE evaluations thus gives a comprehensive picture of the measures taken to identify possible threats and to take planned countermeasures.

Machine manufacturers and plant manufacturers can use it to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This allows seamless integration into existing systems with known security requirements.

The machine/plant operator is aware of the security requirements for its company and is thus able to secure its production, and to expand its operation without many additional measures by adding new machines that meet the security requirements (IEC 62443 3-2, 3-3).

The industrial control manufacturer (IACS) can include the consideration of security requirements under IEC 62443 4-1 in its product development processes in order to develop industrial controls with the security requirements relevant to its customers in accordance with IEC 62443-4-2. Maintenance and service processes are designed safely according to IEC 62443 2-4.

TÜV TRUST IT offers comprehensive consulting services for all industries, covering cyber security risk analysis as well as the definition and implementation of the measures to be taken, up to the preparation for certifications according to IEC 62443.

TÜV AUSTRIA affiliates offer various Risk Assessment and Asset Management services, such as Design Reviews, Process Safety Evaluation, HAZOP Studies and other Risk Assessments, Safety Integrity Level evaluation and ISO 55001 consultancy, and many more.
